KR20230044953A - Computing method and system for managing files through account authentication of blockchain - Google Patents

Abstract

The purpose of the present invention is to encrypt and record personal files which require protection in distributed storage such as IFPS and allow access to be granted through personal account verification on the blockchain. Since the history of documents issued through certification is recorded on the blockchain and the documents are recorded and stored in distributed environment storage, storage and management of personal documents becomes easy and loss, forgery, or alteration becomes impossible.

Description

Computing method and system for managing files through blockchain account authentication

The present invention relates to a computing method and system for managing files through account authentication of a block chain, and more particularly, to a computing method and system capable of managing personal files requiring authentication through account authentication of a block chain. will be.

In the past, a file was recorded using a database. However, for personal files that require proof, for example, personal files such as permits, it was common to obtain and keep the originals on paper and copy the originals for use.

In this way, since the original itself is issued in paper, damage or loss of the original cannot help but occur frequently. In addition, when various certifications or permits are required, there is an inconvenience in that copies must be copied and submitted one by one. Furthermore, since the management of the original is not perfect in reality, theft or forgery or alteration of the original frequently occurs. At this time, since the owner of the original copy cannot immediately know whether it has been stolen or forged, it is difficult to respond immediately and it is not easy to check the facts itself, so damage frequently occurs.

In addition, there is also the inconvenience of reissuance and renewal of the original. Specifically, when the original owner loses the original, there is an inconvenience of having to reissue it. In addition, when the content of the original is changed or updated, it is inconvenient to receive it again or to submit the existing original to the user institution again.

Furthermore, the process of checking the permission and certification of the original is cumbersome. For example, certificates or permits that cannot be verified electronically must go through the process of verifying them again after receiving a copy. In addition, due to their characteristics, it is difficult to verify the authenticity of permits and certificates that must be visually checked off-line.

Therefore, it is required to find a way to use personal files requiring privacy and proof on a blockchain network without fear of data leakage or forgery.

Blockchain technology is a technology for recording and storing the contents of transactions performed on network communication in a reliable and safe way. A blockchain network is a system in a distributed environment in which digitized assets or transactions can be exchanged, and uses a shared ledger to record the history of electronic transactions or work history occurring in a peer-to-peer (P2P) network. do.

Since the blockchain network uses a decentralized or decentralized consensus mechanism, transaction forgery by a third party is virtually impossible, thereby ensuring reliability and transparency of the transaction. Recently, the use of blockchain technology has been attempted in various service fields such as financial services and medical services such as healthcare.

The present disclosure provides a computing method for managing files through account authentication of a block chain, a computer program stored in a recording medium, and a system or device to solve the above problems.

According to some embodiments of the present disclosure, a computing method for managing files through account authentication of a blockchain that can use and manage personal files requiring proof on a blockchain network without fear of data leakage and forgery, and a computing method stored in a recording medium Its purpose is to provide a computer program, and a system or device.

According to some embodiments of the present disclosure, the process of verifying the permission and certification of the original is easy and certain, and the process of reissuing and/or renewing the original is not required to go through a cumbersome process. Its purpose is to provide a computing method, a computer program stored in a recording medium, and a system or device for

In addition, the problem to be solved in the present disclosure is not limited to the above problem, and other problems may exist.

The present disclosure may be implemented in various ways, including a computing method for managing files through blockchain account authentication, a computer program stored in a recording medium, and a system or device.

Specifically, according to an embodiment of the present disclosure, a computing method for managing files through account authentication of a block chain, performed by at least one processor, is a block chain-based file management system for personal files. Registering a user terminal using the identification information, and providing an individual authentication module to the registered user terminal to drive a file authentication application; Generating, by a blockchain-based file management system, an encryption key for accessing a personal account of a blockchain based on authentication performed according to the execution of the file authentication application; Generating an NFT file that can be accessed with the generated encryption key by a blockchain-based file management system; And by a blockchain-based file management system, encrypting and registering the personal file in a distributed environment storage so that it can be accessed through the NFT file, and recording the registration of the personal file in a smart contract of the blockchain. so it can work.

In an embodiment, the method may include, after the step of driving the file authentication application, linking the personal account of the blockchain by using the ID card information stored in the individual authentication module by a blockchain-based file management system. may further include.

In an embodiment, the step of recording the registration of the personal file may include encrypting a personal file matching the personal account of the linked blockchain through the NFT key by a blockchain-based file management system; and storing an encrypted hash value corresponding to the encrypted personal file in the distributed environment storage by a blockchain-based file management system.

In an embodiment, the method may include, by a blockchain-based file management system, encrypting NFC using a public key extracted by accessing through a personal account of the blockchain; and encrypting an access address of an encrypted file uploaded to the distributed environment storage using the public key by a blockchain-based file management system.

In an embodiment, the method may include receiving an update request for a file by a blockchain-based file management system after registering the personal file; and generating an NFC file corresponding to the received update request by a blockchain-based file management system, decrypting and inserting a watermark into the existing NFC file, and then locking the file.

In an embodiment, the method may further include, by a blockchain-based file management system, recording an update result in a smart contract of the blockchain and providing the update result to a user terminal corresponding to the request.

In an embodiment, the identification information of the personal file is NFC read ID card information through the user terminal, method.

In an embodiment, the method may include receiving a request for viewing a file for a registered personal file by a blockchain-based file management system; Performing authentication using the application activated according to the request and ID card information by a blockchain-based file management system, and accessing a personal account of the blockchain matching the request based on the authentication result; And by a blockchain-based file management system, it may further include receiving a NFT list and accessing a personal file encrypted with an NFT key.

In an embodiment, the method may include, by a blockchain-based file management system, accessing a location of an encrypted personal file using an NFT key and decrypting the encrypted personal file; and storing the decrypted personal file in a temporary memory space by a blockchain-based file management system, and providing a temporary address for accessing the decrypted personal file stored in the temporary memory space to a user terminal corresponding to the request. can include

In an embodiment, the method may further include, after providing, destroying the decrypted personal file stored in the temporary memory space and the temporary address by a blockchain-based file management system.

In an embodiment, the method may include requesting file sharing for a registered personal file by a blockchain-based file management system; Receiving a sharing method and sharer information corresponding to the file sharing after authentication through an ID card by a blockchain-based file management system; And accessing the personal account of the blockchain through the NFT by the blockchain-based file management system, and providing a temporary address of the personal file decrypted through the NFT key based on the input information. there is.

According to some embodiments of the present disclosure, since the history of documents issued through proof is recorded on a blockchain and documents are recorded and stored in a distributed environment storage, storage and management of personal documents are facilitated and loss, forgery, or alteration is prevented. it becomes impossible

In addition, according to some embodiments of the present disclosure, the authenticity of a document (certificate) can be easily confirmed even in an offline environment only with a personal authentication module installed in a mobile device carried by a user at all times and a personal ID card issued in a place where document verification is required. can Accordingly, it is possible to prove the authenticity of a document even in an urgent situation or in a poor environment with the convenience of a method of confirming the authenticity of a document.

In addition, according to some embodiments of the present disclosure, by using a digitally certified digital document, it is easy to store the document and there is no concern about loss, forgery, or alteration. In addition, since the history of document viewing and copy output by a third party is all recorded in the smart contract through NFT on the blockchain, it is easy to view but impossible to forge and alter, making document management more convenient.

In addition, according to some embodiments of the present disclosure, for example, since copies are submitted digitally during various administrative tasks that require submission of copies, not only can the authenticity of documents be easily confirmed, but also convenience is increased, and usability is further extended. It can be.

Embodiments of the present disclosure will be described with reference to the accompanying drawings described below, wherein like reference numbers indicate like elements, but are not limited thereto.
1 is a block diagram showing a schematic configuration of a system for managing files based on a block chain according to the present disclosure.
2 is a diagram illustrating a method in which an issuer and an owner store other documents according to the present disclosure.
3 is a diagram illustrating a document issuing processor according to the present disclosure.
4 is a diagram illustrating a processor of a method of updating and discarding issued documents, according to the present disclosure.
5 is a diagram illustrating a method of registering an ID card and a user terminal in a file authentication system according to the present disclosure.
6 is a diagram illustrating a method of logging in using a registered ID card according to the present disclosure.
7 is a diagram illustrating a process of a file access and reading method according to the present disclosure.
8 is a diagram illustrating a method of providing a copy of a file when sharing a file according to the present disclosure.
9 is a diagram illustrating an offline file access and reading method according to the present disclosure.
10 is a schematic diagram illustrating a configuration in which an information processing system according to an embodiment of the present disclosure is connected to communicate with a plurality of user terminals.

Hereinafter, specific details for the implementation of the present disclosure will be described in detail with reference to the accompanying drawings. However, in the following description, if there is a risk of unnecessarily obscuring the gist of the present disclosure, detailed descriptions of well-known functions or configurations will be omitted.

In the accompanying drawings, identical or corresponding elements are given the same reference numerals. In addition, in the description of the following embodiments, overlapping descriptions of the same or corresponding components may be omitted. However, omission of a description of a component does not intend that such a component is not included in an embodiment.

Advantages and features of the disclosed embodiments, and methods of achieving them, will become apparent with reference to the following embodiments in conjunction with the accompanying drawings. However, the present disclosure is not limited to the embodiments disclosed below and may be implemented in various different forms, but only the present embodiments make the present disclosure complete, and the present disclosure does not extend the scope of the invention to those skilled in the art. It is provided only for complete information.

Terms used in this specification will be briefly described, and the disclosed embodiments will be described in detail. The terms used in this specification have been selected from general terms that are currently widely used as much as possible while considering the functions in the present disclosure, but they may vary according to the intention of a person skilled in the related field, a precedent, or the emergence of new technologies. In addition, in a specific case, there is also a term arbitrarily selected by the applicant, and in this case, the meaning will be described in detail in the description of the invention. Therefore, the terms used in the present disclosure should be defined based on the meaning of the terms and the general content of the present disclosure, not simply the names of the terms.

Expressions in the singular number in this specification include plural expressions unless the context clearly dictates that they are singular. Also, plural expressions include singular expressions unless the context clearly specifies that they are plural. When it is said that a certain part includes a certain component in the entire specification, this means that it may further include other components without excluding other components unless otherwise stated.

Also, the term 'module' or 'unit' used in the specification means a software or hardware component, and the 'module' or 'unit' performs certain roles. However, 'module' or 'unit' is not meant to be limited to software or hardware. A 'module' or 'unit' may be configured to reside in an addressable storage medium and may be configured to reproduce one or more processors. Thus, as an example, a 'module' or 'unit' includes components such as software components, object-oriented software components, class components, and task components, processes, functions, and attributes. , procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, or variables. Functions provided within components and 'modules' or 'units' may be combined into a smaller number of components and 'modules' or 'units', or further components and 'modules' or 'units'. can be further separated.

According to one embodiment of the present disclosure, a 'module' or 'unit' may be implemented with a processor and a memory. 'Processor' should be interpreted broadly to include general-purpose processors, central processing units (CPUs), microprocessors, digital signal processors (DSPs), controllers, microcontrollers, state machines, and the like. In some circumstances, 'processor' may refer to an application specific integrated circuit (ASIC), programmable logic device (PLD), field programmable gate array (FPGA), or the like. 'Processor' refers to a combination of processing devices, such as, for example, a combination of a DSP and a microprocessor, a combination of a plurality of microprocessors, a combination of one or more microprocessors in conjunction with a DSP core, or a combination of any other such configurations. You may. Also, 'memory' should be interpreted broadly to include any electronic component capable of storing electronic information. 'Memory' includes random access memory (RAM), read-only memory (ROM), non-volatile random access memory (NVRAM), programmable read-only memory (PROM), erasable-programmable read-only memory (EPROM), It may also refer to various types of processor-readable media, such as electrically erasable PROM (EEPROM), flash memory, magnetic or optical data storage, registers, and the like. A memory is said to be in electronic communication with the processor if the processor can read information from and/or write information to the memory. Memory integrated with the processor is in electronic communication with the processor.

In the present disclosure, a 'system' may include at least one of a server device and a cloud device, but is not limited thereto. For example, a system may consist of one or more server devices. As another example, a system may consist of one or more cloud devices. As another example, the system may be operated by configuring a server device and a cloud device together.

In this disclosure, 'display' may refer to any display device associated with a computing device, for example, any display device capable of displaying any information/data provided or controlled by the computing device. can refer to

In the present disclosure, 'each of a plurality of A' or 'each of a plurality of A' may refer to each of all components included in a plurality of A's, or each of some components included in a plurality of A's. .

In this disclosure, 'Smart Contract' is a code implementation of a written contract so that a desired contract can be safely concluded between individuals, and a script that executes the contract when specific conditions are met means (script). The contracts uploaded to the blockchain mainnet are open for anyone to see and are difficult to falsify.

In this disclosure, 'EOA' is an account creation process in which a private key is generated through a wallet program, a public key is generated through the generated private key, and an address is generated, and an account created through this process. is referred to as EOA.

In this disclosure, 'Non-Fungible Token (NFT)' refers to a cryptocurrency in which one token cannot be replaced with another, and non-fungible tokens play a large role in ensuring the ownership of digital assets by users. do. Existing centralized services have limitations that can no longer be used when the service is terminated, but NFTs are recorded in the blockchain system to ensure safe protection and rights. As a result, users can more fully own and utilize their digital assets.

In the present disclosure, 'Advanced Encryption Standard (AES) encryption' is As an advanced encryption standard, AES is an encryption method designated as a federal information processing standard by the National Institute of Standards and Technology, and is the only publicly available encryption algorithm among approved encryption algorithms.

In the present disclosure, 'asymmetric encryption' means using two keys in relation to encryption, where a key means a constant that opens and locks a message. Generally, in many public key algorithms, the public key is known to everyone and is used to encrypt the message. Encrypted messages can be decrypted and viewed only by those who have the private key. Anyone with a public key algorithm can encrypt a message, but only a person with a private key can decrypt and read the encrypted message.

In the present disclosure, an 'asymmetric key' is a pair of a public key and a private key. If the key for encryption and the key for decryption are different, it is said to be an asymmetric key. An asymmetric key includes a public key that can encrypt information with a key that is open to others and a private key that only the user knows and can decrypt only a specific person with authority. pair up

The encryption method using an asymmetric key can be divided into a case of encryption with a public key and a case of encryption with a private key. If more emphasis is placed on data security, encryption with a public key is selected, whereas encryption with a private key is selected if the emphasis is on the authentication process through a secure digital signature.

In the present disclosure, 'InterPlanetary File System (IPFS)' means a protocol for storing data in a distributed file system and sharing it over the Internet. IPFS is used, for example, to share large files and data in a peer-to-peer manner such as Napster or Torrent. Also, since IPFS is open and non-centralized, it limits the centralization of the web, and the backbone of dApps is blockchainized.

The existing HTTP method was a method of finding the address where the data is located and bringing the desired content at once, but the IPFS according to the present disclosure uses a hash value converted to the data content to distribute and store content in multiple computers around the world. It works by finding the data, breaking it into small pieces, importing them at high speed, and then putting them back together and displaying them. At this time, the hash table stores information in key/value pairs, and since numerous distributed nodes around the world store the information, the user can use IPFS to save information in the case of the existing HTTP method. Data can be stored and retrieved much faster than before. When a file is registered on IPFS, an accessible IPFS hash key is issued, and the file can be accessed through the hash key.

In the present disclosure, a 'heap memory area' means a user's dynamically allocated area whose size is determined according to the runtime of an operating system, and can temporarily store data.

In the present disclosure, 'Near Field Communication (NFC)' refers to communication for exchanging wireless data within a distance of 10 cm. In addition, 'NFC chip' refers to a microchip that is mounted on a device such as a smart phone and enables a specific function (eg, Bluetooth pairing, payment, etc.) to be performed using NFC communication when contacting an NFC tag. do. Because NFC technology transmits and receives information only at a very short distance, information exchange is safe and information users can be identified more reliably, which is useful for providing customized services.

In the present disclosure, 'document (certificate)' or 'personal file' is a concept that includes all types of files, documents, ID cards, etc. that require privacy protection and certification, and 'document (certificate)' or 'personal file' It is clear in advance that it can be used interchangeably in this specification.

Hereinafter, in the present disclosure, a computing method for managing files through account authentication of a blockchain, a computer program stored in a recording medium, and a system or device will be described in more detail.

First, FIG. 1 is a block diagram showing a schematic configuration of a system 100 for managing files based on a block chain according to the present disclosure.

The system 100 encrypts and records personal files that require privacy protection and verification in a distributed storage such as IFPS, and operates so that access to personal files can be authorized through personal account verification on a blockchain.

The system 100 includes a user terminal 110, an external personal authentication service module 120, a file authentication system (or 'file authentication service module') 130, a blockchain 140 including a smart contract 150, and a storage 160 in a file distribution environment such as IFPS.

The system 100 is a personal file that requires NFC-led privacy protection and verification through the user terminal 110, for example, the information of the NFC chip of the ID card (eg ID card, driver's license, resident card, security pass, etc.) (eg, identification number, personal information, etc.) can be recorded in the smart contract 150 of the blockchain 140.

The system 100 includes the MAC and / or S / N key of the user terminal 110, which can be obtained through information (eg, identification number, personal information, etc.) of the NFC chip, and the smart contract of the blockchain 140 ( 150) can be recorded. In addition, the system 100 can register the information of the user terminal 110 through the identification number of the ID card, download the authentication module of the system using the registered user terminal 110, and run the application.

The system 100 provides, for example, qualification (eg, granting an encrypted key) to access the personal account of the blockchain 140 through authentication according to the execution of the application of the user terminal 110, and NFT is issued so that access can be allowed through NFT.

The user terminal 110 is capable of wired and/or wireless communication, and any application, mobile browser application, web browser or web browser extension program related to the storage and use of personal files requiring privacy protection and authentication may be installed and executed. may be a computing device of For example, the user terminal includes a smartphone, a mobile phone, a navigation device, a computer, a laptop computer, a digital broadcasting terminal, a personal digital assistant (PDA), a portable multimedia player (PMP), a tablet PC, a game console, and a wearable device ( wearable device), internet of things (IoT) device, virtual reality (VR) device, augmented reality (AR) device, and the like.

An application or program for storing and using a personal file requiring privacy protection and verification, for example, the ID card (identity card) 10 may be installed in the user terminal 110 .

When the user terminal 110 executes the application or program and activates the NFC function, the ID card (identity card) 10 is read through the NFC chip (read) 101 .

The external personal authentication service module 120 is an authentication and management service for the NFC-led ID card (identity card) 10 through the user terminal 110, for example, individual authentication 102, internal data encryption storage ( 103), external personal authentication is performed through the dedicated encryption module 104. The external personal authentication service module 120 may include, for example, reliable personal authentication such as financial certificates, biometric authentication, mobile phone authentication, and the like.

The file authentication service module 130 operates in conjunction with the blockchain 140 and provides services related to records, changes, and updates to the blockchain. The file authentication service module 130 may perform operations such as account linkage of the blockchain 140, file-related records, file update notification, and related service provision.

Personal accounts 141a, 141b, ... 141n are stored in the block chain 140, and the owner of the file or a third party with permission to access the encrypted file of the distributed environment storage 160 through the owner's specific personal account You can access your personal files. At this time, the owner of the file or a third party who has been granted access permission 105 through the issued NFT to access the encrypted personal files 161a, 161b, .... 161n of the file distribution environment storage 160 should request

The owner of the file or an authorized third party is allowed access only to a specific encrypted personal file that matches a specific personal account among the personal accounts 141a, 141b, ... 141n stored in the blockchain 140. For example, only the first encrypted personal file 161a can be accessed through the first personal account 141a of the blockchain 140, and through the second personal account 141b of the blockchain 140 Only the second encrypted personal file 161b can be accessed.

In the smart contract 150 of the blockchain 140, a record of encrypted personal files 161a, 161b, .... 161n stored in the file distributed environment storage 160, for example, the date of creation of the personal file, the file name , other information related to the file is stored as meta information. In addition, records of access to encrypted personal files through personal accounts of the blockchain 140 are also stored in the smart contract 150.

As such, according to the system for managing files through account authentication of the blockchain according to the present disclosure, the history of documents issued through certification is recorded on the blockchain and documents are recorded and stored in the storage of a distributed environment. Storage and management of documents becomes easy, and loss, forgery, or alteration becomes impossible.

2 is a diagram illustrating a method in which an issuer and an owner store other documents according to the present disclosure. If the issuer of the document, for example, a personal file requiring privacy protection and certification, and the owner of the file are different, management and use of the personal file may be performed by different entities.

Issuer 210 may, for example, upon request, issue and update documents, verify document usage history, and/or provide copies of documents. For this management 201 , the personalization agent 210 may access the file authentication system 230 .

The owner 220 may request, for example, original inquiry and confirmation, document change and inquiry history confirmation, and/or document provision and confirmation request. For this use 202, the owner 220 may access the file authentication system 230.

The file authentication system 230 links the personal account of the block chain 240. The file authentication system 230 performs file-related recording. The file authentication system 230 performs file update notification.

The issuance period 210 uses a personal account registered in the block chain 240 for management 201 . Thereafter, the personalization agent 210 may access the encrypted personal files 251a, 251b, ... 251n stored in the file distribution environment storage 250 through the issued NFT.

Owner 220 uses a personal account on blockchain 240 for use 202 . Thereafter, the owner 220 may access the encrypted personal files 251a, 251b, ... 251n stored in the file distribution environment storage 250 through the issued NFT.

The encrypted personal files 251a, 251b, ... 251n stored in the file distribution environment storage 250 are encrypted and stored as hash values.

In the personal account of the blockchain 240 that matches the personal file that the issuer 210 and/or the owner 220 wants to access, an NFT is issued (issued) to encrypt and decrypt the matching personal file. When the NFT is issued (issued), the owner 220 of the file is notified. The issuer 210 and/or the owner 220 can access the matching encrypted personal file by proving the personal account of the blockchain 240 through the issued (issued) NFT.

As such, according to an embodiment of the present disclosure, by using a blockchain-based digital document, even if the issuing authority and owner of the document are different, it is easy to store the document and there is no concern about loss, forgery, or alteration. In addition, since the history of document viewing and copy output by a third party is all recorded in the smart contract through NFT on the blockchain, it is easy to browse but impossible to forge and alter, making document management more convenient.

Hereinafter, an example of a method of issuing, updating, and discarding a blockchain-based digital document will be described in more detail.

3 is a diagram illustrating a processor issuing a document according to the present disclosure.

The personalization agent 310 requests the original document (certificate) and owner information of the document to be registered in the file authentication system 330 (301).

The file authentication system 330 encrypts the original document (certificate) using the original document (certificate) and owner information of the document, and stores the encrypted hash value in the file distribution environment storage 350 ( 302).

In addition, the file authentication system 330 verifies the personal account on the blockchain 340 using the owner information of the document (certificate) (303). As a result of the check, if a personal account exists, an NFT is created based on the encrypted information stored in the file distribution environment storage 350 through the account. As a result of the check, if the personal account does not exist, a new account is created, and an NFT is created based on the encrypted information stored in the file distribution environment storage 350 through the created account.

In this way, when the encrypted hash value is stored in the file distribution environment storage 350 and the personal account on the blockchain 340 is confirmed, a matching NFT generation request 304 is requested, and Record the information in the smart contract (305).

When the information on the issued NFT is delivered to the file authentication system 330, the file authentication system 330 transmits the issuance history and usage guide of the NFT to the owner 320, for example, the owner's terminal.

Specifically, the issued NFT information is transmitted through the application of the terminal of the owner 320, and if the related application is not installed, for example, the issuance history of the NFT and the installation guide of the available application are provided through an instant / SNS message It may be transmitted in the form of a connection link or the like.

At this time, the issued NFT is accessed through the personal account of the blockchain and RSA encrypted using the extracted public key. For example, the AES encryption key is AES encrypted through the public and private keys, and then used It can be performed in a way to asymmetrically encrypt the file. In addition, for example, the 'access address' of a personal file uploaded to a file distribution environment storage can also be encrypted and stored through a public key.

Next, FIG. 4 is a diagram illustrating a processor of a method of updating and discarding an issued document according to the present disclosure. 4 suggests a method of updating and/or discarding an already issued document (certificate) without deleting the original and the matching NFT.

Referring to FIG. 4 , the personalization agent 410 requests registration ( 401 ) of the updated original document (certificate) and its owner information to the file authentication system 430 .

The file authentication system 430 encrypts the updated original document (certificate) using the updated original document (certificate) and its owner information, and stores the encrypted hash value in the file distribution environment storage 450. (402).

When the file distribution environment storage 450 stores an encrypted hash value corresponding to the original document (certificate) that has been updated and requests generation of an NFT matching thereto (403), the NFT is issued (issued). That is, a registration process and NFT issuance (issuance) similar to those described with reference to FIG. 3 are performed.

On the other hand, the blockchain 440 provides information of the issued NFT, that is, NFT information including update and deletion targets to the file distribution environment storage (407). Then, the file distribution environment storage records (405) such NFT information (eg, NFT information including update and deletion targets) in the smart contract of the blockchain 440.

Existing original documents (certificates) and NFTs are not deleted and stored as backups. However, the file distribution environment storage decrypts the existing original document (certificate) to prevent the use of the existing original document (certificate), and then inserts a watermark to lock the file (406). Then, backup and lock 404 of the existing document (eg, certificate) is completed.

In this way, the record of NFT information including the subject of update and deletion is recorded in the smart contract of the block chain 440 and transmitted to the file authentication system 430 (408). Thereafter, the file authentication system 430 provides the owner 420 with such updated and deleted details through a terminal or the like.

As described above, according to the blockchain-based method of registering, updating and/or discarding personal files after registration according to the present disclosure, security and forgery prevention of files can be further strengthened while management is not cumbersome.

5 is a diagram illustrating a method of registering an ID card and a user terminal in a file authentication system according to the present disclosure.

As shown in FIG. 5, when the issuing authority 20 issues an ID card (eg, an identification card) 10, the user activates a file authentication application and an NFC function installed in the user terminal 510 to authenticate the file. Through the application, the real ID card (eg, identification card) 10 is NFC-read (501).

The user terminal 510 performs external personal authentication 520 for the NFC-led ID card (eg, identification card) 10 through credible personal authentication such as financial certificate, biometric authentication, and mobile phone authentication (502). .

Thereafter, when ID card information, external personal authentication information, and an identification number of the user terminal 510 (eg, mobile phone) are provided to the file authentication system 530, the file authentication system 530 performs the ID card (eg, mobile phone) ID card and owner information inquiry is requested to the issuing institution 10 that issued the ID card 10 (504).

Upon successful inquiry, the file authentication system 530 requests personal account inquiry to the block chain 540 (505). Thereafter, the file authentication system 530 completes registration of the ID card and user terminal, activates a related application (eg, the file authentication application), and mounts an individual authentication module to the authenticated user terminal 510. (506).

Thereafter, the user may access the personal account of the block chain 540 through an individual authentication module installed in the user terminal 510 and be permitted access to the file distribution environment storage through the NFT.

6 is a diagram illustrating a method of logging in using a registered ID card.

In order to check the documents (certificate) provided by the issuing authority, you need to access your personal account on the blockchain, bring up the NFT list, and then access the file with the matching NFT key. On the other hand, the user needs to install a separate application on the user terminal 610 to access the file authentication system 630, and the mobile device on which this separate application is installed, that is, the user terminal 610, must be registered and authenticated in advance. do.

To this end, first, the user terminal 610 reads the ID card (eg, identification card) 10 provided to the owner by the issuing institution through the NFC function (601), and collects personal identification information.

Then, an authentication key is extracted using information related to the ID card (eg, identification card) 10 through the individual authentication module 620 mounted in the registered user terminal 610 .

The (login) authentication key extracted through the individual authentication module 620 and information related to the ID card (eg, identification card) 10 are provided to the file authentication system 630 together with the device information of the user terminal 610 ( 602). The file authentication system 630 links the personal account of the block chain 640 using the provided information (603). That is, the file authentication system 630 performs authentication by matching the personal account of the block chain 640 after the first proof through the individual authentication module 620. These authentication details (ie, information related to authentication) are recorded in the smart contract of the blockchain 640 and also recorded in the file authentication system 630.

The blockchain 640 records the account linkage 603 of the file authentication system 630, that is, the authentication and access records in a smart contract, and records the NFT list and meta information (eg, file creation date) in the file authentication system 630. , file name, and other information related to the file) are provided (604).

After that, the file authentication system 630 records the access to the registered user terminal 610 in the smart contract, and the NFT list and meta information (eg, file creation date, file name, other information related to the file) are sent to the user. It is provided to the terminal 610 (605).

When this process is completed, the separate application is now activated in the user terminal 610, and after going through the authentication process through the NFC read and stored digital ID card (eg, ID card), the personal account of the block chain 640 can access If you succeed in accessing your personal account, you will receive a list of NFTs and you will be able to access files with your NFT key.

As described above, according to the present disclosure, the authenticity of a document (certificate) can be easily confirmed even in an offline environment using only a personal authentication module installed in a mobile device that a user always possesses and a personal ID card issued in a place where document verification is required.

7 illustrates a process of a file access and view method according to the present disclosure.

Referring to FIG. 7 , through the authenticated user terminal 710, when a file authentication application is activated, a file access/read request may be requested to the file authentication system 730 through NFT (701). Then, the file authentication system 730 requests access to the personal account of the block chain 740 through the NFT (702), and the block chain 740 stores the file location of the distributed environment storage 750 through the NFT (key). approach

The distributed environment storage 750 receiving the access request decrypts an encrypted personal file, that is, a document (eg, a certificate) stored in the distributed environment storage using the NFT. At this time, decryption may be performed only on the encrypted access address of the encrypted personal file, not the personal file itself.

Meanwhile, the decrypted personal file is stored in a temporary memory space, and the user terminal 710 may be provided with a temporary URI for accessing the temporary memory space. In any case, the temporary URI provided to the user terminal 710 and the decrypted personal file stored in the temporary memory space are automatically destroyed so that they cannot be accessed any longer after a predetermined time elapses (705).

8 is a diagram illustrating a method of providing a copy of a file when requesting a file sharing based on a blockchain.

In order to access encrypted personal files stored in a blockchain-based distributed environment storage, a file authentication application must be executed on a registered user terminal and an authentication process must be performed through the stored digital ID card. When this authentication process is completed, the file authentication application can view or share a personal file using the NFT information provided from the file authentication system.

In addition, when viewing personal files, access the file authentication system through NFT, receive the access address and encryption key for the original file from the block chain, decrypt the encrypted access address, and decrypt the decrypted data stored in the temporary memory space. You can browse personal files, that is, documents (certificates). Personal files stored in the provided access address and temporary memory space (or the temporary memory space itself) are automatically destroyed after a set period of time.

Meanwhile, viewing to the extent of submitting a copy of the personal file or sharing the contents of the personal file follows the process of FIG. 8 .

Referring to FIG. 8, after executing a file authentication application through a user terminal 810 and authenticating 801 with a stored digital ID card, a sharing method (eg, SNS, E-mail, Fax, URI, etc.) and input sharer information.

The input sharing method and sharer information are transmitted to the file authentication system 830 through the file authentication application (802). The file authentication system 830 accesses the blockchain 840 (eg, a personal account of the blockchain 840) through the NFT (803). The blockchain 840 accesses the file location in the distributed environment storage 850 using the NFT (804).

The distributed environment storage 850 decrypts the file stored in the distributed storage through the NFT (805) and generates a file temporary address (860). The decrypted file is stored in a temporary memory space (eg, server cache), and is automatically destroyed after a predetermined period of time (806).

Depending on the embodiment, the decrypted file is not provided, and only a temporary address (URL) for accessing the decrypted file temporarily stored in the cache of the server may be delivered. Even in this case, the URL is deleted after a predetermined period of time.

Meanwhile, the sharing target person 870 may be requested to input an authentication key or a cell phone number according to a sharing method (807). Based on the response to this request, the URL described above may be transmitted to the sharing target 870 or the decrypted file may be imaged and transmitted.

Depending on the embodiment, document information including a copy and issuance history may be input as a watermark to a document (certificate) shared by the sharing target person 870 . In addition, records of viewing and sharing of these documents can all be stored in smart contracts on the blockchain.

As described above, according to the present disclosure, since a digital copy is submitted at the time of various administrative tasks requiring submission of a copy, not only can the authenticity of a document be easily confirmed, but also convenience is increased, and usability can be further expanded.

Next, FIG. 9 is a diagram illustrating an offline file access and reading method according to the present disclosure.

The registered document (certificate) can be updated regularly or upon request, and the contents of the document (certificate) can be updated. The blockchain-based document update 930 is as follows. First, the file authentication system 931 accesses the personal account of the blockchain 941 through NFT when an update request (eg, regular request, event request) is received, and an encrypted file that matches the distributed storage 951. After accessing , the content of the document (certificate) is updated, and a record thereof is provided to the smart contract and file authentication system (931). The file authentication system 931 transfers these records to the individual authentication module 920 mounted in the user terminal 910, so that the user can check the renewal of the document.

Offline file access and reading 940 is as follows.

Execute the file authentication application in the registered user terminal 910, NFC read the ID card (eg, identification card) 925, extract the authentication key with ID card information in the mounted individual authentication module 920, and encrypt generate a key The ID card (eg, identification card) 925 is encrypted through the individual authentication module 920 and stored in the internal storage 921 of the user terminal 910 .

At this time, the individual authentication module 920 sets and provides the validity period and usage authority of the document for validation 923 . In addition, the individual authentication module 920 temporarily stores the decrypted document in the temporary storage 924 when decryption is performed after validating 923 the encrypted document stored in the internal storage 921 . To this end, the individual authentication module 920 may provide an encryption and decryption module so that documents stored in the internal storage 921 can be read using ID card information. In addition, decrypted documents stored in the temporary storage 924 are automatically destroyed after a certain period of time.

In addition, when the contents of a document are updated or deleted, the individual authentication module 920 encrypts and stores such updated information. In this case, it is necessary to determine and provide a method to check the validity period of the updated document and whether or not it can be viewed.

10 is a schematic diagram illustrating a configuration in which a system according to an embodiment of the present disclosure, for example, an information processing system, is connected to communicate with a plurality of user terminals.

10 is a schematic diagram illustrating a configuration in which an information processing system 1030 according to an embodiment of the present disclosure is communicatively connected to a plurality of user terminals 1010_1, 1010_2, and 1010_3. As shown, a plurality of user terminals 1010_1, 1010_2, and 1010_3 are connected to an information processing system 1030 capable of registering, viewing, sharing, and updating personal files based on blockchain through a network 1020. can Here, the plurality of user terminals 1010_1, 1010_2, and 1010_3 provide user identification information identified by a private key (eg, password, UID, verifiable credential, VC), and/or user biometrics. Information, etc.) to request registration, viewing, renewal, deletion, etc. there is. In one embodiment, the information processing system 1030 is capable of storing, providing, and executing computer-executable programs (eg, downloadable applications) and data related to registering, reading, sharing, and updating blockchain-based files. It may include one or more server devices and/or databases, or one or more distributed computing devices and/or distributed databases based on cloud computing services.

Records and results related to blockchain-based file registration, viewing, sharing, and updating provided by the information processing system 1030 are a file authentication application and individual authentication installed on each of the plurality of user terminals 1010_1, 1010_2, and 1010_3. It may be provided to the user through a module, mobile browser application, web browser or web browser extension, and the like. For example, the information processing system 1030 is a personal file received from the user terminals 310_1, 310_2, 310_3 through a file authentication application or the like, that is, information corresponding to a request for registration, reading, sharing, or renewal of a document (certificate). or can perform corresponding processing.

The plurality of user terminals 1010_1, 1010_2, and 1010_3 may communicate with the information processing system 1030 through the network 1020. The network 1020 may be configured to enable communication between the plurality of user terminals 1010_1, 1010_2, and 1010_3 and the information processing system 1030.

Depending on the installation environment, the network 1020 may be, for example, a wired network such as Ethernet, a wired home network (Power Line Communication), a telephone line communication device and RS-serial communication, a mobile communication network, a wireless LAN (WLAN), It may consist of a wireless network such as Wi-Fi, Bluetooth, and ZigBee, or a combination thereof. The communication method is not limited, and the user terminals (310_1, 310_2, 310_3) as well as a communication method utilizing a communication network (eg, mobile communication network, wired Internet, wireless Internet, broadcasting network, satellite network, etc.) that the network 1020 may include ), short-range wireless communication between them may also be included.

10 shows that three user terminals 1010_1, 1010_2, and 1010_3 communicate with the information processing system 1030 through the network 1020, but is not limited thereto, and a different number of user terminals are connected to the network 1020. It may also be configured to communicate with the information processing system 1030 via.

According to one embodiment, the information processing system 1030 is a personal file that requires privacy protection and verification, such as an ID card (for example, ID card Yes ID card, driver's license, resident card, security pass, etc.) NFC chip information (eg, identification number, personal information, etc.) and personal file registration, reading, renewal, deletion, etc. can be received.

The information processing system 1030 is a MAC and / or S / N key of the user terminal 110 that can be obtained through the information (eg, identification number, personal information, etc.) of the received NFC chip and the block chain 140 Record in the smart contract 150, register the information of the user terminal 110 through the identification number of the ID card, and enter the personal account of the blockchain 140 through authentication according to the execution of the application of the user terminal 110 You can provide qualifications (e.g., grant an encrypted key) for access and issue NFTs. The information processing system 1030 encrypts and records personal files in a distributed storage such as IFPS, and provides related information and records to a user terminal that requests access to personal files to be authorized through personal account verification on a blockchain. can do.

On the other hand, the present invention can be widely used in fields where personal identification, personal file security, DRM (Digital Rights Management) digital content copyright protection, and file original verification are applied. In addition, security and copyright to files on the network, management of access history, software and services that require original verification of personal files, personal certificate or permit original verification and copy issuance management that requires privacy, personal medical data management, personal register, contract And it will be widely applicable to fields related to certification document management.

As described above, according to the computing method and system for managing files through account authentication of a block chain according to an embodiment of the present disclosure, the history of documents issued through authentication is recorded on a block chain and stored in a distributed environment. Since documents are recorded and stored in the personal document, it is easy to store and manage personal documents, and it is impossible to lose, forge or falsify. In addition, the user can easily check the authenticity of a document (certificate) even in an offline environment with only a personal authentication module installed in a mobile device that the user always possesses and a personal ID card issued in a place where document verification is required. Accordingly, it is possible to prove the authenticity of a document even in an urgent situation or in a poor environment with the convenience of a method of confirming the authenticity of a document. In addition, by using a digitally certified digital document, it is easy to keep the document and there is no concern about loss, forgery or alteration. In addition, since the history of document viewing and copy output by a third party is all recorded in the smart contract through NFT on the blockchain, it is easy to view but impossible to forge and alter, making document management more convenient. Furthermore, since copies are submitted digitally during various administrative tasks requiring submission of copies, for example, not only can the authenticity of documents be easily confirmed, but also convenience is increased, and usability can be further expanded.

The above method may be provided as a computer program stored in a computer readable recording medium to be executed on a computer. The medium may continuously store programs executable by a computer or temporarily store them for execution or download. In addition, the medium may be various recording means or storage means in the form of a single or combined hardware, and is not limited to a medium directly connected to a certain computer system, and may be distributed on a network. Examples of the medium include magnetic media such as hard disks, floppy disks and magnetic tapes, optical recording media such as CD-ROM and DVD, magneto-optical media such as floptical disks, and ROM, RAM, flash memory, etc. configured to store program instructions. In addition, examples of other media include recording media or storage media managed by an app store that distributes applications, a site that supplies or distributes various other software, and a server.

The methods, acts or techniques of this disclosure may be implemented by various means. For example, these techniques may be implemented in hardware, firmware, software, or combinations thereof. Those skilled in the art will appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchange of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends on the particular application and design requirements imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementations should not be interpreted as causing a departure from the scope of the present disclosure.

In a hardware implementation, the processing units used to perform the techniques may include one or more ASICs, DSPs, digital signal processing devices (DSPDs), programmable logic devices (PLDs) ), field programmable gate arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, electronic devices, and other electronic units designed to perform the functions described in this disclosure. , a computer, or a combination thereof.

Accordingly, the various illustrative logical blocks, modules, and circuits described in connection with this disclosure may be incorporated into a general-purpose processor, DSP, ASIC, FPGA or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or may be implemented or performed in any combination of those designed to perform the functions described in A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, eg, a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other configuration.

In firmware and/or software implementation, the techniques include random access memory (RAM), read-only memory (ROM), non-volatile random access memory (NVRAM), PROM ( on a computer readable medium, such as programmable read-only memory (EPROM), erasable programmable read-only memory (EPROM), electrically erasable PROM (EEPROM), flash memory, compact disc (CD), magnetic or optical data storage device, or the like. It can also be implemented as stored instructions. Instructions may be executable by one or more processors and may cause the processor(s) to perform certain aspects of the functionality described in this disclosure.

Although the embodiments described above have been described as utilizing aspects of the presently-disclosed subject matter in one or more stand-alone computer systems, the disclosure is not limited thereto and may be implemented in conjunction with any computing environment, such as a network or distributed computing environment. . Further, aspects of the subject matter in this disclosure may be implemented in a plurality of processing chips or devices, and storage may be similarly affected across multiple devices. These devices may include PCs, network servers, and portable devices.

Although the present disclosure has been described in relation to some embodiments in this specification, various modifications and changes may be made without departing from the scope of the present disclosure that can be understood by those skilled in the art. Moreover, such modifications and variations are intended to fall within the scope of the claims appended hereto.

Claims (11)

A computing method for managing files through account authentication of a block chain, performed by at least one processor, comprising:
Registering a user terminal using identification information of a personal file by a blockchain-based file management system, and providing an individual authentication module to the registered user terminal to drive a file authentication application;
Generating, by a blockchain-based file management system, an encryption key for accessing a personal account of a blockchain based on authentication performed according to the execution of the file authentication application;
Generating an NFT file that can be accessed with the generated encryption key by a blockchain-based file management system; and
By a blockchain-based file management system, encrypting and registering the personal file in a distributed environment storage so that it can be accessed through the NFT file, and recording the registration of the personal file in a smart contract of the blockchain method. According to claim 1,
After the step of driving the file authentication application,
The method further comprising linking personal accounts of the blockchain using ID card information stored in the individual authentication module by a blockchain-based file management system. According to claim 2,
The step of recording the registration of the personal file,
Encrypting a personal file matching the personal account of the interlocked blockchain through the key of the NFT by a blockchain-based file management system; and
The method further comprising storing an encrypted hash value corresponding to an encrypted personal file in the distributed environment storage by a blockchain-based file management system. According to claim 3,
Encrypting the NFT file using a public key extracted by accessing through a personal account of the blockchain by a blockchain-based file management system; and
The method further comprising encrypting, by a blockchain-based file management system, an access address of an encrypted file uploaded to the distributed environment storage using the public key. According to claim 1,
After registering the personal file,
Receiving an update request for a file by a blockchain-based file management system; and
The method further comprising the step of generating an NFC file corresponding to the received update request by a blockchain-based file management system, decrypting and inserting a watermark into the existing NFC file, and then locking the file. According to claim 5,
The method further comprising, by a blockchain-based file management system, recording an update result in a smart contract of the blockchain and providing the update result to a user terminal corresponding to the request. According to claim 1,
The identification information of the personal file is NFC-read ID card information through the user terminal, the method. According to claim 1,
Receiving a file read request for a registered personal file by a blockchain-based file management system;
Performing authentication using the application activated according to the request and ID card information by a blockchain-based file management system, and accessing a personal account of the blockchain matching the request based on the authentication result;
A method further comprising the step of receiving a list of NFTs and accessing a personal file encrypted with an NFT key by a blockchain-based file management system. According to claim 8,
Decrypting the encrypted personal file by accessing the location of the encrypted personal file using the NFT key by a blockchain-based file management system; and
Storing the decrypted personal file in a temporary memory space by a blockchain-based file management system, and providing a temporary address for accessing the decrypted personal file stored in the temporary memory space to a user terminal corresponding to the request. How to include. According to claim 9,
Destroying the decrypted personal file stored in the temporary memory space and the temporary address when a predetermined time elapses after providing the temporary address to the user terminal by a blockchain-based file management system. According to claim 1,
Requesting file sharing for a registered personal file by a blockchain-based file management system;
Receiving a sharing method and sharer information corresponding to the file sharing after authentication through an ID card by a blockchain-based file management system;
A method further comprising, by a blockchain-based file management system, accessing a personal account of a blockchain through an NFT and providing a temporary address of a personal file decrypted through an NFT key based on the input information.

Images